Monday, January 5, 2009

Disaster can strike any setup at any time, however strong it is. The best way to provide stability is to establish mechanisms that provide continuity for all critical operations. This can be achieved through a proper Business Continuity Plan (BCP). Business Continuity Planning is important not only for the CISA examination but equally for any Information Systems/Information Security setup. It is critical to identify all critical processes and to rank them by criticality. A recovery process needs to be established, and a proper testing system needs to be devised. The following are the essential steps in designing a successful BCP.

1. Business Impact Analysis

In the first phase we define all the critical resources, which include critical procedures, critical processes and all the critical people. Remember that processes connect procedures and people. The impact of each is analysed individually and across the overall system.

A testing mechanism should be adopted depending on the architecture of the Information System. The ideal situation is a paper test followed by a full test. For the full test, a replica of the main setup is needed as the disaster recovery setup.

4. Documentation

All of the above steps should be well documented, tested and approved.

5. Involvement of top Management

In my view this is the most crucial step for a successful BCP.

6. Periodic review

Periodic review is very important. The BCP should also be reviewed whenever there is a major change in the Information System.